CISA, FBI issue alert for ongoing Scattered Spider activity
Scattered Spider, a threat group behind a series of high-profile cyber attacks, uses sophisticated social engineering attacks. The group has targeted Okta, MGM Resorts and Caesar’s Entertainment, causing prolonged disruptions and $100m in losses for MGM. Scattered Spider impersonates IT personnel and uses SIM swapping attacks to acquire sensitive user data. The group also uses […]
PCI Compliance Made Easy: 5 Technologies That Can Help
PCI Compliance, crucial for businesses handling credit card data, protects sensitive information, helps avoid financial and legal issues, and promotes overall security. Adopting technologies like tokenization, encryption, intrusion detection and prevention systems, security information and event management, and web application firewalls can simplify compliance. This not only bolsters data security but also enhances customer confidence […]
Increasing the maximum civil penalty amount for the Right to Work and Right to Rent Schemes: equality impact assessment (accessible)
The UK is increasing the penalty for employers and landlords who hire or rent to illegal immigrants. Starting in January 2024, employers will be fined up to £45,000 per illegal worker for a first offence and £60,000 for repeat offences.
Alphv ransomware gang claims it reported MeridianLink to SEC
Ransomware group Alphv claimed it compromised MeridianLink and reported the financial software company to the US Securities and Exchange Commission for not disclosing the breach promptly. The firm confirmed a cybersecurity incident, but did not comment on the claims or possible SEC report. The SEC’s new cybersecurity incident disclosure rules mandate that firms must disclose […]
Hackers Can Now Exploit a Security Flaw in Zoom Client
Zoom has discovered multiple high-severity vulnerabilities in its software that could potentially allow unauthorised users to perform cyber attacks. Vulnerabilities include improper authentication and exposure of sensitive information in Zoom clients, and client-side enforcement of server-side security. Users are advised to update to the latest software version for the most recent security updates and bug […]
Children’s tablet has malware and exposes kids’ data, researcher finds
The Dragon Touch KidzPad Y88X children’s tablet potentially exposes user information, says security researcher Alexis Hancock. The tablet, reportedly loaded with outdated software and malware, runs on an Android version five years old. Although the malware seemed inactive and targeted dormant servers, the device could automatically download and install new malware from the internet. Despite […]
Children’s tablet has malware and exposes kids’ data, researcher finds
Dragon Touch KidzPad Y88X, a children’s tablet, has been found to have security and privacy issues putting children’s data at risk, according to a report by Alexis Hancock from the Electronic Frontier Foundation. The Android device has traces of well-known malware, Corejava, comes with pre-loaded malware, and includes an outdated app store, KIDOZ. Despite Hancock’s […]
Sysdig Extends the Power of Detection and Response to Include Windows Server and Malware Threat Detection
San Francisco-based firm Sysdig has launched malware threat detection and Windows server detection. The company, a leading name in cloud security and specialising in runtime insights, said these features transform its broader cloud-native application protection platform (CNAPP) to provide better server threat detection across different use cases including containers, Kubernetes security, serverless and cloud logs.
9M health records spilled by transcription firm
Nearly 9 million Americans’ personal and health data has been compromised in the second largest cyberattack on US health-related data this year, targeting medical transcription service provider PJ&A. The breach, whose perpetrator remains unknown, involved theft of personal information ranging from dates of birth to hospital account numbers and test results. However, no usernames, passwords, […]
23% of organizations report little to no AI scalability
A recent cybersecurity report by Cisco found that only 14% of global organizations are fully prepared to deploy artificial intelligence (AI).
